A New Identity-Based Authentication Scheme for SIP

Abstract

The session initiation protocol (SIP) is considered as the dominant signaling protocol for Voice over IP. However, SIP authentication typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper proposes a new secure SIP authentication scheme using identity-based cryptography, which provides stronger security assurances for SIP mutual authentication and session key agreement. The main merits include: (1) it achieves mutual authentication and session key agreement, (2) it does not maintain any password or verification table in the server, (3) it prevents various possible attacks induced by open networks and signaling attack for the standard SIP messages, (4) it effectively avoids the requirement of a large public key infrastructure.